Why not build a dedicated machine for Snort? There are several Linux flavours that were built as router/gateway OSes and come with Snort and other packages (ClamAV, SpamAssassin, Privoxy, Squid, etc)Whitepaper of IPS/IDSMore whitepapers